Skip to Content.
Sympa Menu

grouper-users - [grouper-users] new feature: Grouper "Custom UI" to help diagnose access issues and ease self enrollment

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] new feature: Grouper "Custom UI" to help diagnose access issues and ease self enrollment


Chronological Thread 
    < Chronological >      < Thread >
  • From: "Hyzer, Chris" <>
  • To: " Mailing List" <>
  • Subject: [grouper-users] new feature: Grouper "Custom UI" to help diagnose access issues and ease self enrollment
  • Date: Thu, 26 Mar 2020 16:56:25 +0000
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=isc.upenn.edu; dmarc=pass action=none header.from=isc.upenn.edu; dkim=pass header.d=isc.upenn.edu; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UHueIZYbIlHUnPuAm/GkvIapumMnNhdLDcDxTI4R/8s=; b=aPTO40ZMYXlFsMy6RMLlqrSDGzajD258jruiEJX1dnp42HKrZZ7tJvZyR+cSqbVUHsHb7cBa8bm9UVhxnRHLO9x0TjykPi9mjlCeN/43Krd9u7YIrNK/QZSOxMWnnrK3NQWBJra/V8pvL5Fpob6bkvyXFm/GSYMa02DKmCj+ZQBxQpFpUFs1hfwU7Fzat9tNdO2RyG26VRuvA4ImCYuqdYC7ggHcBDZ+n5kaMaTH/ypSB/irOg+9luwhr6ie5RN5t8mgZu2SXX9DOEGIgydb0gpIwsyERMJDM/RxcTHqsqGSdgbtKf+mQk2Yf3FMPd2pUnInMvXFu11kljphlrnTvg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=jvH19/8MNnKgfWhvD0hVPpyOAJxMrHxhcHs2f9TtMi7ofeUom9UaeGCYxO8NSzsln3J8NzLYUuUXy2qXmu9YtR9xaqlQeCRlAccjPjcJFwArbNQDCBxcEvlJSRFrnxQS9aOTnwhJTpROhwC0Vwe150JbVowPJV1S6GCmze95C1lOVaMVJxIY9aHsIccVvna5HheTw+TEvH78qDMrbH5CZcGdh86occUpoE2KAgMSIrCxMk0O/TBc4/kwePjBhWUmHeG30iCmkTMzfTvc5NtzKujR1S/Fg2gTOh+AcTT/1TKUaP6W54KLvgM6LoyGVt2+CvU7GTb0RiPpLbug4HclhQ==

Grouper manages access.  Visualization and Reports are a step in the right direction to help analyze the access.  This new feature takes that even further to consolidate access analysis for a particular policy for a user, in one screen.

 

In the latest 2.4 patches there is a new feature in Grouper where you can analyze someone’s access and craft a custom UI screen.

 

This screen can help end users enroll or unenroll in something.  And/or for managers (people with READ/UPDATE) to analyze someone’s access to see why things are not correct or to enroll/unenroll them.

 

https://spaces.at.internet2.edu/display/Grouper/Grouper+custom+UI

 

Here is the example we did for Penn:

 

https://spaces.at.internet2.edu/display/Grouper/Grouper+custom+UI+example+at+Penn

 

To begin, you decide what you need to know to analyze access.  Does the user have certain group memberships and privileges?  Are they provisioned to LDAP?  Is some database up to date?  Check in Azure?  Run an arbitrary EL java call?  Assign all of those things to variables.

 

Then craft your screen around the decisions.  If the user has not met a pre-req (e.g. MFA), give them a link to go enroll in that.  If the user is not even eligible, tell them why (they cant change their enrollment because they are required by policy).  If the user is enrolled but the provisioning isn’t done, let them know that and tell them how long it might take.

 

For this pass, all the Grouper bells and whistles and links are not available from this custom UI screen.  We could have other views that have them stuff, but for now its not there.  i.e. simple ui

 

Managers (or help desk workers) can see all the variables and responses so they can instantly know whats going on.  No need to go poke around various groups.  No need to go check LDAP.  No need to look at their account in Azure.  No need to run some SQL queries.

 

We did what we thought was a pretty simple use case at Penn: allow users to self enroll in MFA for O365 before their org requires them to do so, so they can see if their mail clients still work etc.  Even that turned out to be a dozen variables and a bunch of conditional screen text.  But now it is very clear what is happening and what the user needs to do to get the task complete.

 

Let me know if you are interested in trying out this new feature.  The documentation might be a little confusing until more people try it out and iron out the wrinkles.

 

Thanks!

Chris


  • [grouper-users] new feature: Grouper "Custom UI" to help diagnose access issues and ease self enrollment, Hyzer, Chris, 03/26/2020

Archive powered by MHonArc 2.6.19.

Top of Page